Renew your SSL certificates on StartSSL

Over one year ago, we requested certificates on StartSSL. But, they have expired earlier this year. So, we had to renew them.

For those who don't know StartSSL, it's a certification authority recognized by most operating systems (Windows, Linux, ...) and allows you to get free SSL certificates. More info in our previous article : Secure your website for free with StartSSL

To begin, we will renew our client certificate. Because without this certificate, you will no longer have access to your account StartSSL and you would have to register again (and therefore wait that the registrations are reopened because it's by period). In short, on the right of your client certificate, click on the little blue arrow button and click Renew.

Select "Client S/MIME and Authentication Certificate".

Because it's been over a month since we validated our email address, this e-mail validation is no longer valid. Nevertheless, just click on the link "Email Validation" to validate it again.

Enter your email address and click on "Click to send validation code". Note : the code sent by email is only valid during 15 minutes.

You will receive a verification code to your email address.

Enter the code and click on "Validation".

Your email address has been validated. This validation is valid during 30 days.

Click on : To "Order Client Certificate".

Enter the email address that you just validate in the box. Then, select "Generated by System ..."and enter a password to protect the private key of your client certificate. Then, click on "submit".

StartSSL shows you the private key in PEM format. Click "Download Private Key" and keep this file in a safe place.

Then, when you try to log on the StartSSL website, the "User Identification Request" window will be displayed. As you can see, the new certificate will expire in March 2017, while the old certificate expired in March 2016.

You still have access to your account, but with the new certificate.

3. Renew the certificate for your web server

For that, go to the Tool Box and locate the SSL certificate to be renewed (not the client, but the other). Next to it, you will find a button with a small triangle, click it and click Renew.

Choose "Web Server SSL/TLS Certificate".

If domain verification must be performed again, click on the "Domain Validation" link displayed in the message.

Enter the root domain name (without the www.).

StartSSL will check the whois of your domain and it will ask you to choose the email address to which you want to receive the verification code. Note : This is the email address of the owner and the various contacts of your domain.

Then, click on "Send Verification Code".

You will receive a code by email.

Just paste it in the box. Then, click Validation.

Now, your domain validation has been completed and will be valid for 30 days (as indicated by StartSSL). Click "To Order SSL Certificate" to continue to renew your SSL certificate.

Enter the fully qualified domain name (with the www subdomain if your site is accessible from that subdomain) in the box. Then, select whether you want to generate your SSL certificate from : - a certificate signing request in PEM format - or if you want that StartSSL generates the certificate request automatically.

Finally, enter a password to protect the private key.

StartSSL shows you the private key in PEM format that you can use with your future SSL certificate. Click "Download Private Key" or paste the entire text (with the BEGIN and END lines ...) in a "name.key" file.

Then, click Submit.

Now, StartSSL issued (created and signed) your new SSL certificate. Click on the "here" link to download your certificate, intermediate certificates and root certificates of StartSSL that you will need to configure the https on your Apache web server, for example.

Since the new version of their site, StartSSL offers certificates for various known web servers.